Who is this course for?
For developers working in DevOps teams who want to learn more about security in this context or developers who want to learn more about securely developing software.
Why should you take this Security in DevOps / Secure Development course?
Teams are becoming more autonomous, and software deployments and changes to physical and virtual infrastructure are being implemented almost daily when necessary. For many firms, this results in a far more agile organisation, but where there are a lot of changes, risks can also easily arise.
On the “Security in DevOps/Secure Development” course, you learn to make security part of your work as a developer. Within a DevOps team, multiple disciplines are represented; this course is focused on developers. During the course, you learn the principles of secure software development, how you can make security part of your process and CI/CD pipeline, and how you can monitor systems and keep them secure.
You learn these subjects first by hearing and seeing them, and subsequently by doing a lot of practice on demanding and fun hacking challenges.
Results
After following the course, you will be capable of answering the following questions:
- How do I build secure software?
- How can I make software security part of my development process?
- Which elements of software security can I automate?
- How do I make others aware of the security status of my application?
- How do I secure my CI/CD pipeline?
- How do I securely design a production environment?
- Which security measures do I need to take in a container environment?
- Which security measures do I need to take in a cloud environment?
Programme
The course lasts two days. The first day is focused on DevOps processes and tooling and the second day on secure software development. The figure below depicts the most important subjects covered on the course.
Many different technologies are used within the DevOps world. Alongside different programming languages with their own ecosystems of frameworks, libraries and tools, the different build tools and cloud services also have their own ecosystems. Based on knowledge of the systems which you as a developer use in your environment, the concepts covered are made specific for the right context as far as possible, so that you can easily start applying what you have learned to your own situation. Within the course itself, the challenges will make use of various cloud and on-premises services and tools, such as Jenkins, Travis CI and GitLab for CI/CD, Kubernetes, Docker and Ansible for infrastructure automation and various open source tools for SAST/DAST applications.
We believe that people learn from hearing and seeing, but even more from doing. For this reason, this course also includes plenty of hacking challenges, which reinforce the theoretical concepts with practical experience. You tackle these challenges with the other participants at various moments during the course, and you can see each other’s progress on the scoreboard.
Training by our hackers
The most important thing that sets our courses apart is that they are taught by our own ethical hackers with programming knowledge. Our trainers are first and foremost passionate hackers who apply their skills to complex security projects on a daily basis. And who better to train a developer than a hacker?
Thanks to the enthusiasm with which they communicate their knowledge and vividly illustrate it with examples and practical situations, they are valued as trainers and guest speakers. Our trainers work at, and are educated to, higher vocational or university level and are selected for their good communication and social skills.
Our vision of learning
We strongly believe in ‘learning by doing’. A theoretical framework is important for placing security testing within the security domain. But in order to really make the world of hacking tangible and increase security awareness, it is important to get the participants involved in practical assignments. At Computest, about 75% of the course consists of hands-on training.
With the help of interactive sessions and a range of challenges, participants learn to hack, draw up security plans and/or carry out tests. Our trainers supervise them intensively during the assignments and answer questions so that they can work independently in practice.
Assuring quality
Daan Keuper is responsible for the overall quality of our training. He is a top hacker; he has finished third in global hacking competitions three times and made the news by finding vulnerabilities in the iPhone and in a passenger vehicle. He also has over 10 years of experience in delivering security and other training courses for technical and non-technical participants.
Daan develops the customised courses, provides the teaching materials and constantly keeps them up to date. He delivers courses himself and is also responsible for selecting, training and supervising other trainers. Daan regularly sits in on courses to monitor their quality and the professionalism of the trainers and to provide guidance where necessary. We also ask our participants for feedback after each course by means of an anonymous tool. This feedback is discussed by Daan and the trainers in order to further improve our courses.
Price, dates and location
The course costs €9.900 (in-house) for a maximum of 10 participants per training.
We provide a pleasant and relaxed learning environment. The courses are held at the Computest office. We have a beautiful space available for this purpose with a roof terrace, and we also serve a delicious lunch. In-company training can also be delivered at the customer location.
Customisation
Tailor-made courses are always an option, for large or small groups. Thanks to the broad knowledge we have in-house, we can provide courses for all kinds of target groups and to a very high technical standard. Courses can also be focused on a particular topic, for example mobile apps. As such, you will always be able to find an appropriate course or have one tailored to your needs. Please contact us to discuss the options.